Four Cyber Trends & Defense Tactics for the New Year

by Joe Nocera and Matt Gorham

Companies want to know what comes next in cyber security. Here are four key trends to watch out for in the New Year.

Cyber-attacks are on the rise. Threat actors are continuing to deploy a variety of techniques — both new and old — that apply pressure on a greater scope within companies, collaterally impacting their third parties as well. Additionally, there has been a geopolitical paradigm shift to strategic competition — a place we have not been in the last thirty years. With so much data of interest to nation states now in the hands of the private sector as opposed to the hands of the government, adversaries have shifted their focus accordingly.

As ransomware proliferates around the world and breaches become more common and costly, organizations are understandably concerned. Many want to know what comes next, which can be challenging to predict. That said, based on the current threat landscape — the geopolitical paradigm shift, the increased adoption of emerging technologies and the heightened regulatory environment we find ourselves in — we’ve put together four key trends to watch out for in the New Year — and some tips for how companies can help bolster their defenses and resilience in the face of anticipated disruption.

1. Enhancing transparency to grapple with the mosaic of regulation
There are several regulations at the state, federal and international level that organizations, particularly multinationals, should be focused on: NY DFS 500, the California Privacy Protection Agency’s (CPPA) draft Cybersecurity Audit and Risk Assessment Regulations, the EU’s GDPR and the SEC cyber rules, to name a few. Additionally, there is the anticipated CISA cyber incident reporting rule, coming as soon as March 2024. This patchwork of regulations will likely continue to grow in complexity in the months ahead.

So, how can companies untangle this, and where is the most effective place to begin? Start with understanding which regulations apply to your organization. Then, rationalize the common requirements between them and implement no-regrets decisions to address those head-on. Then, take stock of unique requirements for various geographies. Lastly, engage in public policy to help influence future regulation.

In this evolving regulatory climate, companies that embrace this new era of transparency are likely setting themselves up for success. Those who shy away from transparency do so at their own reputational risk.

2. Scaling cloud security with adoption
According to PwC’s 2024 Global Digital Trust Insights Survey (DTI), securing cloud environments at the pace of innovation is proving to be a challenge for many organizations, with about two-thirds of respondents admitting they have no risk management plan in place for the cloud. The implications of this are that companies are not as far along in their cloud journey as they’d like to be, and security is often the barrier to keeping pace.

From a practical standpoint, organizations should be focused on developing a cloud security framework and reusable cloud security components. To that end, leading companies are investing in cloud security posture management solutions.

Forward-thinking organizations are taking their cloud strategy a step further by diversifying their cloud providers. Per DTI, these companies are more likely to currently use a hybrid of public and private cloud providers (57%) and have implemented a plan that is continually updated to mitigate hyperscaler challenges, a winning strategy that many companies should consider.

3. Defending against and recovering from ransomware at scale
While we are unable to predict threat actors’ exact trajectory or tactics, there's potential for a continued focus on inflicting harm at scale. Emerging technologies like generative AI can allow adversaries to more quickly identify susceptible targets, including those with means and those who may be more likely to pay a hefty ransom.

Here are a few tips for navigating the wide variety of tactics:
  • Do the basics well. Threat actors seek out easy targets. Mastering the basics, like multi-factor authentication and condensing sprawling legacy systems, can harden defenses and make it more challenging for threat actors to break through. Acing the fundamentals may not eliminate your risk, but it can significantly reduce it.
  • Lean into planning. Whether it’s incident response, crisis management, disaster recovery or business continuity, having a well-documented approach for many possible scenarios and clearly communicating it across your organization can be crucial to limiting the impact of a breach.
  • Exercise and refine. Perform tabletop exercises of those plans first at an operational level, then at the executive level, and then once more with the board. Continuously test these plans and refine the process, leaving no stone unturned.
  • Keep records as your plans evolve. As you continuously test and update your plan, one of the most crucial steps is thorough documentation. Against the backdrop of heightened cyber incident reporting, maintaining a record of how your approach changes over time — including how you respond and how you communicate your decisions to various stakeholders — can be critical.

4. Leveraging GenAI for cyber defense
GenAI is a solution that can be used to help defend against threat actors. Companies should explore responsible use cases for GenAI as a defense mechanism, as it can help them contend with the escalating cyber threat landscape. Here are two use cases that can help bolster your defenses with GenAI:
  • Threat detection and analysis. GenAI can more effectively manage many of the activities traditionally performed by level-one security operations center (SOC) analysts, freeing up valuable time for them to focus on more strategic tactics for cyber defense. GenAI can analyze the predetermined detection rules that SOC analysts rely on, help to identify gaps and even discover new types of attacks that analysts might have otherwise missed. GenAI can also learn to recognize sophisticated spear-phishing attempts and identify patterns and anomalies that traditional signature-based detection systems may overlook.
  • Cyber risk and incident reporting. Through natural language processing, GenAI can turn technical jargon into information that is more easily digestible. It can create targeted reports and be trained to create templates for comparisons to industry standards, leading practices and regulations — a big advantage as we face increased regulatory attention to cyber-breach reporting.

Although the cyber threat landscape can be tactically unpredictable, from a strategic standpoint, there are patterns emerging that companies can zero in on in the year ahead. We know that the geopolitical paradigm shift, increased cloud adoption and the threats, opportunities and regulations that emerging technologies have created are setting the stage for what’s to come. Companies that focus on transparency, bolster security and resilience, make their cyber risk management programs agile and well-documented, and leverage GenAI for cyber defense can be well poised to navigate what lies ahead.

Joe Nocera, Partner, Cyber and Tech Risk Solution Leader
Joe Nocera is PwC’s Cyber and Tech Risk Solution leader, and a Consulting Solutions partner in the Chicago office. He has over 26 years of experience focusing on cybersecurity, IT risk and large-scale systems implementation. As the Cyber and Tech Risk Solution leader, Joe spearheads the business development and solution activation efforts on cybersecurity for the US Cyber, Risk and Regulatory practice. He is passionate about understanding the technical challenges of cybersecurity and translating these into practical business solutions that are achievable in a corporate culture.

Matt Gorham, Leader, PwC's Cyber & Privacy Innovation Institute
Matt Gorham currently serves as a Senior Managing Director leading PwC’s Cyber and Privacy Innovation Institute. Prior to his current role, he had a twenty-five-year career with the Federal Bureau of Investigation. Among other leadership roles during his tenure, Matt served as the Director of the National Cyber Investigative Joint Task Force (NCIJTF) and the Deputy Assistant Director of the Critical Incident Response Group (CIRG), where he oversaw the FBI's national crisis response assets. In his final FBI role, Matt served as the Assistant Director of the FBI’s Cyber Division, where he led all FBI cyber investigations and operations for nation state and criminal actors.